> That is, of course, assuming you don't get blue-pilled before you realize that
> it's been exploited. Running in a VM helps a *lot*, but it does *not*
> guarantee that nothing will get loose (and notice that a clever malware can
> simply redpill detect that it's running in a VM, and do nothing malicious until
> it detects that it's on a real machine - malware has a *long* tradition of
> detecting and evading if it's running under a debugger...
Nope, you have to distinguish between a sandbox (code is run) to an AV
scanner scanning code in a VM,
when the av scanner scans the code, the code is not executed and
cannot decide whether it is inside
a VM =)